search

XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0
25.41k stars 3.93k forks source link

v2ray 如何启用链式代理 #2813

Closed ycsks closed 6 months ago

ycsks commented 10 months ago

我有一台服务器(ip已被墙,目前配置只有vmess+ws+CDN能用,其他失效),还有一个万人骑的机场(shadowsocks,chacha20-ietf-poly1305,我不能部署这台服务器的,只能使用),我的目的是以这个机场来过GFW然后再到我的服务器再访问目的网站,听说链式代理很NB,我的服务器配置如下,谁能提供下v2ray客户端和服务端的配置方法,顺便把那个vless和Trojan的给精简删了吧反正没法使用,我是小白哈

-----------------------xray----config.json---------------------- {

"log": {
    "loglevel": "warning"
},
"routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
        {
            "type": "field",
            "ip": [
                "geoip:cn",
                "geoip:private"
            ],
            "outboundTag": "block"
        }
    ]
},
"inbounds": [
    {
        "port": 443,   //端口
        "protocol": "vless",  //协议类型
        "settings": {
            "clients": [
                {
                    "id": "2443a6a6-ba06-44be-b88c-8abe1ee99738",  //替换为你的uuid
                    "flow": "xtls-rprx-vision"   //流控
                }
            ],
            "decryption": "none",
            "fallbacks": [
                {
                    "dest": 10010,   //Trojan协议的分流端口
                    "xver": 1
                },
                {
                    "path": "/vlessws",    //vless+ws的分流路径
                    "dest": 10011,      //分流端口
                    "xver": 1
                },
                {
                    "path": "/vmessws",   //vmess+ws的分流路径
                    "dest": 10012,    //分流端口
                    "xver": 1
                }
            ]
        },
        "streamSettings": {
            "network": "tcp",
            "security": "tls",
            "tlsSettings": {
                "rejectUnknownSni": true,   //服务端接收到的 SNI 与证书域名不匹配即拒绝 TLS 握手
                "fingerprint": "360",    //TLS指纹伪装,伪装为chrome浏览器指纹
                "allowInsecure": false,   //不允许不安全连接(仅用于客户端)
                "alpn": [
                    "http/1.1","h2"
                ],
                "certificates": [
                    {
                        "ocspStapling": 3600,   //OCSP 装订更新,与证书热重载的时间间隔
                        "certificateFile": "/etc/ssl/private/cert.crt",   //证书位置,绝对路径
                        "keyFile": "/etc/ssl/private/private.key"   //私钥位置,绝对路径
                    }
                ]
            }
        },
        "sniffing": {
            "enabled": true,
            "destOverride": [
                "http",
                "tls"
            ]
        }
    },
    {
        "port": 10010,   //trojan节点的分流端口
        "listen": "127.0.0.1",
        "protocol": "trojan",  
        "settings": {
            "clients": [
                {
                    "password": "pass"  //替换为你的密码
                }
            ],
            "fallbacks": [
                {
                    "alpn": "h2",  //h2回落
                    "dest": 81,   //h2回落端口
                    "xver": 1
                },
                {
                   "dest": 82,  //http/1.1回落端口
                   "xver": 1 
                }
            ]
        },
        "streamSettings": {
            "network": "tcp",
            "security": "none",
            "tcpSettings": {
                "acceptProxyProtocol": true
            }
        }
    },
    {
        "port": 10011,   //vless+ws节点的分流端口
        "listen": "127.0.0.1",
        "protocol": "vless",
        "settings": {
            "clients": [
                {
                    "id": "ba44ec0a-ff3b-43f7-997f-1f3de0de4d9b"   //替换为你的uuid
                }
            ],
            "decryption": "none"
        },
        "streamSettings": {
            "network": "ws",  
            "security": "none",
            "wsSettings": {
                "acceptProxyProtocol": true,   //若使用Nginx/Caddy等反代WS,需要删掉这行
                "path": "/vlessws"   //ws的路径,需要和分流的一致
            }
        }
    },
    {
        "port": 10012,   //vmess+ws节点的分流端口
        "listen": "127.0.0.1",
        "protocol": "vmess",
        "settings": {
            "clients": [
                {
                    "id": "082d06de-374b-4524-8d44-d64f04d16342"   //替换为你的uuid
                }
            ]
        },
        "streamSettings": {
            "network": "ws",
            "security": "none",
            "wsSettings": {
                "acceptProxyProtocol": true,   //若使用Nginx/Caddy等反代WS,需要删掉这行
                "path": "/vmessws"   //ws的路径,需要和分流的一致
            }
        }
    }
], 
"outbounds": [
    {
        "protocol": "freedom",
        "tag": "direct"
    },
    {
        "protocol": "blackhole",
        "tag": "block"
    }
]

}

------------------------------nginx-------nginx.conf----------------------- user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf;

events { worker_connections 768; }

http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65;

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;    #HTTP自动跳转HTTPS
}

server {
    listen 127.0.0.1:82 proxy_protocol default_server;
    listen 127.0.0.1:81 http2 proxy_protocol default_server;
    set_real_ip_from 127.0.0.1;
    real_ip_header proxy_protocol;
    server_name _;
    return 404;
}     #限定域名访问,返回404

server {
    server_name boop.yuming.mom; #你的域名
    listen 127.0.0.1:82 proxy_protocol; #HTTP/1.1本地监听端口
    listen 127.0.0.1:81 http2 proxy_protocol; #H2本地监听端口
    set_real_ip_from 127.0.0.1;
    real_ip_header proxy_protocol;

    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #启用HSTS
        proxy_pass https://www.hao123.com; #伪装网址
        proxy_ssl_server_name on;
        proxy_redirect off;
        sub_filter_once off;
        sub_filter "www.hao123.com" $server_name; #伪装网址
        proxy_set_header Host "www.hao123.com"; #伪装网址
        proxy_set_header Referer $http_referer;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Accept-Encoding "";
        proxy_set_header Accept-Language "zh-CN";
    }
}

}

MiniKoro commented 10 months ago

既然你在问我也在你这挂一个问题吧0.0 为什么我的链式代理不生效呢????
{ "tag": "isp", "protocol": "socks", "proxySettings": { "tag": "sg", "transportLayer": true }, "settings": { "servers": [ { "address": "", "ota": false, "port": , "level": 1, "users": [ { "user": "", "pass": "", "level": 1 } ] } ] } }, { "tag": "sg", "protocol": "vmess", "settings": { "vnext": [ { "address": "", "port": , "users": [ { "id": "", "alterId": 0, "email": "", "security": "auto" } ] } ] }, "streamSettings": { "network": "ws", "wsSettings": { "path": "", "headers": { "Host": "" } } }, "mux": { "enabled": false, "concurrency": -1 } }

ycsks commented 10 months ago

你这个代码怎么用我都不知道,得来个明白人,才能解救哇

MiniKoro commented 10 months ago

啊哈哈,我已经解决了,我是搞错协议了 使用proxySetting和sockop都可以 "proxySettings": { "tag": "us-cc", "transportLayer": true }

"streamSettings": { "sockopt": { "dialerProxy": "us-cc" } }

us254 commented 10 months ago
  1. Shadowsocks is blocked by GFW.
  2. Vmess protocol is operational.

Proxy chain employs Vmess to circumvent the GFW, subsequently utilizing the Shadowsocks IP for website access.


{
  "outbounds": [
    {
      "tag": "shadowsocks",
      "protocol": "shadowsocks",
      "settings": {
        "servers": [
          {}
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "sockopt": {
          "dialerProxy": "proxy"
        }
      }
    },
    {
      "protocol": "vmess",
      "settings": {},
      "tag": "proxy"
    }
  ]
}